Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Monday 25th March 2013 14:04:50 UTC (over 3 years ago)
To address an issue with OpenIPMI not working with the new kernel, the 
following packages were added to the sl-security repo:

i386:
OpenIPMI-2.0.16-14.el6.i686.rpm
OpenIPMI-devel-2.0.16-14.el6.i686.rpm
OpenIPMI-libs-2.0.16-14.el6.i686.rpm
OpenIPMI-perl-2.0.16-14.el6.i686.rpm
OpenIPMI-python-2.0.16-14.el6.i686.rpm

x86_64:
OpenIPMI-2.0.16-14.el6.x86_64.rpm
OpenIPMI-devel-2.0.16-14.el6.i686.rpm
OpenIPMI-devel-2.0.16-14.el6.x86_64.rpm
OpenIPMI-libs-2.0.16-14.el6.i686.rpm
OpenIPMI-libs-2.0.16-14.el6.x86_64.rpm
OpenIPMI-perl-2.0.16-14.el6.x86_64.rpm
OpenIPMI-python-2.0.16-14.el6.x86_64.rpm


On 03/14/2013 09:39 AM, Pat Riehecky wrote:
> Synopsis: Important: kernel security and bug fix update
> Issue Date:        2013-03-12
> CVE Numbers:       CVE-2013-0228
>                    CVE-2013-0268
> -- 
>
> This update fixes the following security issues:
>
> * A flaw was found in the way the xen_iret() function in the Linux kernel
> used the DS (the CPU's Data Segment) register. A local, unprivileged user
> in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to
> crash the guest or, potentially, escalate their privileges.
> (CVE-2013-0228, Important)
>
> * A flaw was found in the way file permission checks for the
> "/dev/cpu/[x]/msr" files were performed in restricted root environments
> (for example, when using a capability-based security model). A local user
> with the ability to write to these files could use this flaw to escalate
> their privileges to kernel level, for example, by writing to the
> SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)
>
> The system must be rebooted for this update to take effect.
> -- 
>
> SL6
>   x86_64
>     kernel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debug-devel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-devel-2.6.32-358.2.1.el6.x86_64.rpm
>     kernel-headers-2.6.32-358.2.1.el6.x86_64.rpm
>     perf-2.6.32-358.2.1.el6.x86_64.rpm
>     perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     python-perf-debuginfo-2.6.32-358.2.1.el6.x86_64.rpm
>     python-perf-2.6.32-358.2.1.el6.x86_64.rpm
>   i386
>     kernel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debug-devel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     kernel-debuginfo-common-i686-2.6.32-358.2.1.el6.i686.rpm
>     kernel-devel-2.6.32-358.2.1.el6.i686.rpm
>     kernel-headers-2.6.32-358.2.1.el6.i686.rpm
>     perf-2.6.32-358.2.1.el6.i686.rpm
>     perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     python-perf-debuginfo-2.6.32-358.2.1.el6.i686.rpm
>     python-perf-2.6.32-358.2.1.el6.i686.rpm
>   noarch
>     kernel-doc-2.6.32-358.2.1.el6.noarch.rpm
>     kernel-firmware-2.6.32-358.2.1.el6.noarch.rpm
>
> - Scientific Linux Development Team


-- 
Pat Riehecky

Scientific Linux developer
http://www.scientificlinux.org/
 
CD: 3ms